CVE-2019-11893

MEDIUM Year: 2019
CVSS v3 Score
5.5
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-266
View all →

Vulnerability Description

A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction.

Related Vulnerabilities

CVE-2022-42825

MEDIUM
CVSS:5.5(Medium)

This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An a...

CWE-2662022

CVE-2024-13248

MEDIUM
CVSS:5.5(Medium)

Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0.

CWE-2662024

CVE-2025-2557

MEDIUM
CVSS:5.5(Medium)

A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Affected by this issue is some unknown functionality of the component Command API. The manipulation leads to ...

CWE-2662025

CVE-2025-2954

MEDIUM
CVSS:5.5(Medium)

A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Ha...

CWE-2662025

CVE-2024-25633

MEDIUM
CVSS:5.4(Medium)

eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one can configure who is allowed to create new user accounts. A vulnerability has been found starting in vers...

CWE-2662024

CVE-2024-50702

MEDIUM
CVSS:5.4(Medium)

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.

CWE-2662024